﻿using IdentityServer4.Models;
using IdentityServer4.Services.InMemory;
using System.Collections.Generic;
using System.Security.Claims;

namespace identityserver4start {
    public class Config {
        public static IEnumerable<Scope> GetScopes() {
            return new List<Scope> {
                StandardScopes.OpenId,
                StandardScopes.Profile,
                StandardScopes.OfflineAccess,
                new Scope {
                    Name = "api1",
                    Description = "My API"
                }
            };
        }

        public static IEnumerable<Client> GetClients() {
            return new List<Client> {
                // 无需帐号密码，使用固定的client、secret即可授权
                new Client {
                    ClientId = "client",

                    // no interactive user, use the clientid/secret for authentication
                    AllowedGrantTypes = GrantTypes.ClientCredentials,

                    // secret for authentication
                    ClientSecrets = new List<Secret> {
                        new Secret("secret".Sha256())
                    },

                    // scopes that client has access to
                    AllowedScopes = new List<string> {
                        "api1"
                    }
                },

                // 需要帐号密码，由services.AddDeveloperIdentityServer().AddInMemoryUsers(Config.GetUsers()); 注入帐号系统
                new Client {
                    ClientId = "ro.client",
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                    ClientSecrets = new List<Secret> {
                        new Secret("secret".Sha256())
                    },
                    AllowedScopes = new List<string> {
                        "api1"
                    }
                },

                // Implicit 含蓄。适用于授权后跳转回指定场景的需求，除了AccessToken不会直接提供其它数据。提供了登录/退出的webview
                new Client {
                    ClientId = "mvc",
                    ClientName = "MVC Client",
                    AllowedGrantTypes = GrantTypes.Implicit,

                    // where to redirect to after login
                    RedirectUris = new List<string> {
                        "http://localhost:5002/signin-oidc"
                    },

                    // where to redirect to after logout
                    PostLogoutRedirectUris = new List<string> {
                        "http://localhost:5002"
                    },

                    AllowedScopes = new List<string> {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name
                    }
                },

                // 混合。同时具备Implicit和ResourceOwnerPassword的功能
                new Client {
                    ClientId = "hybrid",
                    ClientName = "Hybrid Client",
                    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

                    ClientSecrets = new List<Secret> {
                        new Secret("secret".Sha256())
                    },

                    RedirectUris = new List<string> {
                        "http://localhost:5002/signin-oidc"
                    },

                    PostLogoutRedirectUris = new List<string> {
                        "http://localhost:5002"
                    },

                    AllowedScopes = new List<string> {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        StandardScopes.OfflineAccess.Name,
                        "api1"
                    }
                },

                new Client {
                    ClientId = "js",
                    ClientName = "JavaScript Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,

                    RedirectUris = new List<string> {
                        "http://localhost:5003/callback.html"
                    },
                    PostLogoutRedirectUris = new List<string>{
                        "http://localhost:5003/index.html"
                    },
                    AllowedCorsOrigins = new List<string>{
                        "http://localhost:5003"
                    },

                    AllowedScopes = new List<string>{
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        "api1"
                    }
                }
            };
        }

        public static List<InMemoryUser> GetUsers() {
            return new List<InMemoryUser> {
                new InMemoryUser {
                    Subject = "1",
                    Username = "zicjin",
                    Password = "z5656z",
                    Claims = new List<Claim> {
                        new Claim("name", "Alice"),
                        new Claim("website", "https://alice.com")
                    }
                },
                new InMemoryUser {
                    Subject = "2",
                    Username = "bob",
                    Password = "password",
                    Claims = new List<Claim> {
                        new Claim("name", "Bob"),
                        new Claim("website", "https://bob.com")
                    }
                }
            };
        }
    }
}
